| View previous topic :: View next topic |
| Author |
Message |
Toasty
-
Joined: 21 Feb 2008
Posts: 298
Location: Chicago, IL
|
 Posted: Mon May 19, 2008 11:42 pm Post subject: Expiring Downloads...Easy Solution? |
 |
|
Okay, I'm looking to make it so people can download files from my site (actually, I've had it that way since my X1 days...).
But, to prevent cross links to my site's download, I was planning on adding a random hash to the end of it and having the file self-delete when it is done sending.
So far, this is the only way I THINK it will work:
URL rewriting that has a script echo out the file (most of the files will need to be sent binary safe, as they're executable or BINs), then after 5 minutes or so, UNLINK() the file that was downloaded.
Is there an easier/better way to do this?
Regards,
Toasty
_________________
Audit the secure configuration of your server headers! |
|
| Back to top |
   |
 |
AbyssUnderground
-
Joined: 31 Dec 2004
Posts: 3855
|
| Posted: Tue May 20, 2008 12:06 am Post subject: Re: Expiring Downloads...Easy Solution? |
|
|
| Toasty wrote: | Okay, I'm looking to make it so people can download files from my site (actually, I've had it that way since my X1 days...).
But, to prevent cross links to my site's download, I was planning on adding a random hash to the end of it and having the file self-delete when it is done sending.
So far, this is the only way I THINK it will work:
URL rewriting that has a script echo out the file (most of the files will need to be sent binary safe, as they're executable or BINs), then after 5 minutes or so, UNLINK() the file that was downloaded.
Is there an easier/better way to do this?
Regards,
Toasty |
TrustAbyss's filelimit script :-) Do a search on the forum for it.
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
| Back to top |
|
|
TRUSTAbyss
-
Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA
|
|
| Back to top |
|
|
Toasty
-
Joined: 21 Feb 2008
Posts: 298
Location: Chicago, IL
|
| Posted: Tue May 20, 2008 4:23 am Post subject: |
|
|
I appreciate it, I wrote something that uses URL rewrites instead, but will need a little more work.
I tend to avoid using other peoples code, not so much a trust thing as it is a "pride" thing. I like being able to say I coded everything on all my sites, from the forums to the image manipulation scripts.
_________________
Audit the secure configuration of your server headers! |
|
| Back to top |
|
|
TRUSTAbyss
-
Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA
|
| Posted: Tue May 20, 2008 11:57 pm Post subject: |
|
|
| Toasty wrote: | I appreciate it, I wrote something that uses URL rewrites instead, but will need a little more work.
I tend to avoid using other peoples code, not so much a trust thing as it is a "pride" thing. I like being able to say I coded everything on all my sites, from the forums to the image manipulation scripts. |
Same here!
The next version of FileLimit will use nothing but URL Rewriting for its file paths. |
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Tue May 27, 2008 3:44 pm Post subject: Re: Expiring Downloads...Easy Solution? |
|
|
Toasty,
There is a simpler solution (anyway, one that does not need calling unlink()). It requires that you have a script which will serve files (but you can use URL rewriting to hide that fact) and another one to generate the URLs.
The script will get the required file name FN, a validity date VD, plus a key K.
The script will check that the key K is the same as the result of a hash function (md5 for example) applied to a concatenation of the file name FN, a secret string SS, and the validity date VD. If so, it will serve the file if the date is earlier than VD. Otherwise (if the key do not match with the computed value or if the date is later than VD), and error is reported.
The file will be served using readfile() for example in PHP. The file can be located outside the Web site directory (it is even better and more secure).
The script that will generate the URLs will be used by you only and will apply the same procedure described above to generate the key K from the file name and the validity date you'd like to assign to a particular download.
The whole system is based on the fact that it is difficult to guess SS from the hashes and succeed to build keys that have other validity dates. Anyone who will tamper the URL (change VD or K) will not be allowed to download the file.
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
 |
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
